
Vulnerability_id VCID-twq1-g136-9kc3
Summary
containerd has an integer overflow in User ID handling
### Impact
containerd mishandles a container `User` whose `UID:GID` value is larger than the maximum 32-bit signed integer (2147483647). The value overflows during user ID handling and the container ultimately runs as root (UID 0) instead of the requested user. This breaks environments that rely on containers running as a non-root user. Triggering the bug requires control over the image or container spec that sets the `User` field, which is consistent with the local, high-privilege CVSS vector (`AV:L`, `PR:H`) recorded in the references on this page.
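The overflow class the advisory describes, shown as an added illustration that is not containerd's own code and does not claim to be the exact code path the fix commits change: a `UID:GID` component parsed into a wide integer and then narrowed to the 32-bit ID field the OCI runtime spec uses wraps silently, so 2^32 becomes UID 0 and anything above 2147483647 goes negative under a signed narrowing. `safeParseID` is the hardened form using `strconv.ParseUint` with a 32-bit size, and `AuditUser` is a hypothetical check an operator can run over image-config `User` values on hosts that are not yet patched. All function names and the sample inputs are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"strconv"
	"strings"
)

// Hypothetical model of the CWE-190 pattern behind this advisory. These
// functions are illustrative and are not containerd's own code. The OCI
// runtime spec stores process.user.uid/gid as 32-bit unsigned integers, so a
// parser that first produces a wider machine integer and then narrows it
// without a range check silently wraps.

// naiveParseID reproduces the unsafe pattern: parse as a 64-bit integer
// (strconv.Atoi behaves the same on 64-bit hosts) and convert to uint32 with
// no range check. 4294967296 (2^32) wraps to 0, i.e. root.
func naiveParseID(s string) (uint32, error) {
	v, err := strconv.ParseInt(s, 10, 64)
	if err != nil {
		return 0, err
	}
	return uint32(v), nil
}

// narrowToInt32 shows the signed variant the advisory's threshold refers to:
// anything above math.MaxInt32 becomes negative after the conversion.
func narrowToInt32(s string) (int32, error) {
	v, err := strconv.ParseInt(s, 10, 64)
	if err != nil {
		return 0, err
	}
	return int32(v), nil
}

// safeParseID is the hardened form: ParseUint with bitSize 32 returns
// strconv.ErrRange for anything outside [0, 2^32-1] and rejects a leading
// sign, so no narrowing conversion is ever needed.
func safeParseID(s string) (uint32, error) {
	v, err := strconv.ParseUint(s, 10, 32)
	if err != nil {
		return 0, err
	}
	return uint32(v), nil
}

// AuditUser is a hypothetical check an operator can run over image-config
// "User" values before trusting an image on an unpatched host. It accepts the
// usual "uid", "uid:gid" and name forms; names are left for /etc/passwd
// resolution. Any numeric component above math.MaxInt32, the threshold the
// advisory names, is reported. The returned reason is empty when nothing is
// flagged.
func AuditUser(user string) (flagged bool, reason string) {
	for _, part := range strings.SplitN(user, ":", 2) {
		if part == "" {
			continue
		}
		v, err := strconv.ParseUint(part, 10, 64)
		if err != nil {
			if errors.Is(err, strconv.ErrRange) {
				return true, fmt.Sprintf("%q does not fit in 64 bits", part)
			}
			continue // not a number: treated as a user/group name
		}
		if v > math.MaxInt32 {
			return true, fmt.Sprintf("%q exceeds MaxInt32 (%d)", part, math.MaxInt32)
		}
	}
	return false, ""
}

func main() {
	// Constructed sample inputs, not taken from any real image.
	for _, in := range []string{"1000", "2147483648", "4294967296"} {
		n, _ := naiveParseID(in)
		i, _ := narrowToInt32(in)
		s, err := safeParseID(in)
		fmt.Printf("%-11s naive uint32=%d int32=%d safe=%d err=%v\n", in, n, i, s, err)
	}
	for _, u := range []string{"1000:1000", "nobody", "4294967296:0"} {
		flagged, reason := AuditUser(u)
		fmt.Printf("User=%-14s flagged=%v %s\n", u, flagged, reason)
	}
}
```

Run it with `go run`. The check flags any numeric component above `math.MaxInt32`, the threshold the advisory names, rather than only exact multiples of 2^32, so it errs on the side of rejecting unusual IDs; an image that legitimately needs such an ID should be rare enough to review by hand.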

### Patches
This bug has been fixed in the following containerd versions: 

* 2.0.4 (Fixed in https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20)
* 1.7.27 (Fixed in https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da)
* 1.6.38 (Fixed in https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a)

Users should update to these versions to resolve the issue.

### Workarounds
Ensure that only trusted images are used and that only trusted users have permissions to import images.

### Credits
The containerd project would like to thank [Benjamin Koltermann](https://github.com/p4ck3t0) and [emxll](https://github.com/emxll) for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).

### References
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40635

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)
* Email us at [security@containerd.io](mailto:security@containerd.io)

To report a security issue in containerd:
* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)
* Email us at [security@containerd.io](mailto:security@containerd.io)
Aliases
* CVE-2024-40635
* GHSA-265r-hfxg-fhmg
Fixed_packages
Package versions that carry the fix for VCID-twq1-g136-9kc3. `is_vulnerable` is the package version's overall status, so a fixed version can still be flagged for a different vulnerability (the 1.6.20~ds1-1+deb12u2 build below is open to VCID-xd4a-qav4-uqd1). Note that `pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4` appears here with the `?distro=trixie` qualifier and under Affected_packages without it; check the Debian LTS announcement in References for the authoritative status of that build.

| purl | is_vulnerable | affected_by_vulnerabilities | resource_url |
|------|---------------|-----------------------------|--------------|
| pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie | false | | http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie |
| pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u5?distro=trixie | false | | http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u5%3Fdistro=trixie |
| pkg:deb/debian/containerd@1.5.8~ds1-3 | false | | http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.5.8~ds1-3 |
| pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2?distro=trixie | true | VCID-xd4a-qav4-uqd1 | http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u2%3Fdistro=trixie |
| pkg:deb/debian/containerd@1.7.24~ds1-6?distro=trixie | false | | http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%3Fdistro=trixie |
| pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie | false | | http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie |
| pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie | false | | http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie |
| pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie | false | | http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie |
| pkg:golang/github.com/containerd/containerd@1.6.38 | false | | http://public2.vulnerablecode.io/packages/pkg:golang/github.com/containerd/containerd@1.6.38 |
| pkg:golang/github.com/containerd/containerd@1.7.27 | false | | http://public2.vulnerablecode.io/packages/pkg:golang/github.com/containerd/containerd@1.7.27 |
| pkg:golang/github.com/containerd/containerd/v2@2.0.4 | false | | http://public2.vulnerablecode.io/packages/pkg:golang/github.com/containerd/containerd/v2@2.0.4 |
Affected_packages
Package versions recorded as affected by VCID-twq1-g136-9kc3; `affected_by_vulnerabilities` lists every open vulnerability on that version, not only this one.

| purl | is_vulnerable | affected_by_vulnerabilities | resource_url |
|------|---------------|-----------------------------|--------------|
| pkg:deb/debian/containerd@1.4.5~ds1-2 | true | VCID-1ucu-ewxj-xfhp, VCID-3brf-dmwm-qkgj, VCID-9qpc-77v8-13hw, VCID-f2yv-ut5v-m7ey, VCID-kuwr-ugf2-rke4, VCID-tc5s-4nx2-y7d9, VCID-twq1-g136-9kc3, VCID-xd4a-qav4-uqd1, VCID-yyye-gaug-8uh2, VCID-zedh-ff93-yka4 | http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.5~ds1-2 |
| pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2 | true | VCID-3brf-dmwm-qkgj, VCID-f2yv-ut5v-m7ey, VCID-tc5s-4nx2-y7d9, VCID-twq1-g136-9kc3, VCID-xd4a-qav4-uqd1, VCID-yyye-gaug-8uh2 | http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2 |
| pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4 | true | VCID-f2yv-ut5v-m7ey, VCID-twq1-g136-9kc3, VCID-xd4a-qav4-uqd1 | http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4 |
References
`reference_type` is empty for every entry and the `url` field always repeats `reference_url`, so both are omitted below. The CVSS v3.1 vector carried by most entries is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N (base score 4.6); the SSVC decision attached to the GitHub commit and advisory entries is Track (SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:17:05Z/).

* https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40635.json (scores: cvssv3 4.6, vector above)
* https://api.first.org/data/v1/epss?cve=CVE-2024-40635 (scores: epss; `value` is the EPSS probability and `scoring_elements` the percentile; snapshots listed in date order)

  | published_at | value | scoring_elements |
  |--------------|-------|------------------|
  | 2026-04-02T12:55:00Z | 0.00014 | 0.02604 |
  | 2026-04-04T12:55:00Z | 0.00014 | 0.02618 |
  | 2026-04-07T12:55:00Z | 0.00014 | 0.02622 |
  | 2026-04-08T12:55:00Z | 0.00014 | 0.02626 |
  | 2026-04-09T12:55:00Z | 0.00014 | 0.02646 |
  | 2026-04-11T12:55:00Z | 0.00014 | 0.02623 |
  | 2026-04-12T12:55:00Z | 0.00014 | 0.02609 |
  | 2026-04-13T12:55:00Z | 0.00014 | 0.02608 |
  | 2026-04-16T12:55:00Z | 0.00014 | 0.02591 |
  | 2026-04-18T12:55:00Z | 0.00014 | 0.02599 |
  | 2026-04-21T12:55:00Z | 0.00014 | 0.02709 |

* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40635 (no scores)
* https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml (scores: cvssv3.1 4.6, vector above)
* https://github.com/containerd/containerd (scores: cvssv3.1 4.6, vector above; generic_textual MODERATE)
* https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da (scores: cvssv3.1 4.6, vector above; generic_textual MODERATE; ssvc Track)
* https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 (scores: cvssv3.1 4.6, vector above; generic_textual MODERATE; ssvc Track)
* https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a (scores: cvssv3.1 4.6, vector above; generic_textual MODERATE; ssvc Track)
* https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg (scores: cvssv3.1 4.6, vector above; generic_textual MODERATE; ssvc Track)
* https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html (scores: cvssv3.1 4.6, vector above; generic_textual MODERATE)
* https://nvd.nist.gov/vuln/detail/CVE-2024-40635 (scores: cvssv3.1 4.6, vector above; generic_textual MODERATE)
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100806 (reference_id 1100806; no scores)
* https://bugzilla.redhat.com/show_bug.cgi?id=2353043 (reference_id 2353043; no scores)
* https://usn.ubuntu.com/7374-1/ (reference_id USN-7374-1; no scores)
Weaknesses
* CWE-190 Integer Overflow or Wraparound: The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Exploits: none recorded
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-twq1-g136-9kc3